[PROPOSAL] Cluster MISC-2001-004 - 28 candidates
I am proposing cluster MISC-2001-004 for review and voting by the Editorial Board.

Name: MISC-2001-004
Description: Misc. candidates announced between 5/31/2001 and 12/27/2001
Size: 28

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

====================================================== Candidate: CAN-2001-1350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1350 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:162 Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. Analysis ---------------- ED_PRI CAN-2001-1350 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1351 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020602 Category: SF/CF/MP/SA/AN/unknown Reference: REDHAT:RHSA-2001:162 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=namazu&q=b Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. Analysis ---------------- ED_PRI CAN-2001-1351 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1352 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1352 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:179 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060476404565&w=2 Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100947261916155&w=2 Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101068116016472&w=2 Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. Analysis ---------------- ED_PRI CAN-2001-1352 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1353 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1353 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020602 Category: SF Reference: MISC:http://marc.theaimsgroup.com/?l=lprng&m=100083210910857&w=2 Reference: REDHAT:RHSA-2001:138 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-138.html ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. 
Analysis ---------------- ED_PRI CAN-2001-1353 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1359 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1359 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: CF Reference: CALDERA:CSSA-2001-021.0 Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt Reference: BID:2850 Reference: URL:http://www.securityfocus.com/bid/2850 Reference: XF:volution-authentication-failure-access(6672) Reference: URL:http://xforce.iss.net/static/6672.php Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. Analysis ---------------- ED_PRI CAN-2001-1359 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1367 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1367 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031& Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. Analysis ---------------- ED_PRI CAN-2001-1367 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: a post on the vendor web page states "Due to a stupid mistake on a line in the checkAccess() function, PHPSlice 0.1.4 (and potentially all earlier releases as well) has a gaping security hole that allows any user to perform administrative tasks if they enter the correct URL." ACCURACY: while the vendor's statement implies that the problem was fixed after 0.1.4, a review of the source code indicates that it actually wasn't fixed until 0.1.7. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1369 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1369 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: FREEBSD:FreeBSD-SA-02:14 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc Reference: BID:3319 Reference: URL:http://online.securityfocus.com/bid/3319 Reference: XF:postgresql-pam-authentication-module(7110) Reference: URL:http://www.iss.net/security_center/static/7110.php Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. Analysis ---------------- ED_PRI CAN-2001-1369 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1370 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1370 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3 Reference: URL:http://www.securityfocus.com/archive/1/198768 Reference: BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99616122712122&w=2 Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released Reference: URL:http://online.securityfocus.com/archive/1/198495 Reference: CONECTIVA:CLA-2001:410 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410 Reference: CALDERA:CSSA-2001-027.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-027.0.txt Reference: DEBIAN:DSA-073 Reference: URL:http://www.debian.org/security/2001/dsa-073 Reference: BID:3079 Reference: URL:http://www.securityfocus.com/bid/3079 Reference: XF:phplib-script-execution(6892) Reference: URL:http://www.iss.net/security_center/static/6892.php prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib. Analysis ---------------- ED_PRI CAN-2001-1370 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1371 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1371 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2 Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf Reference: CERT-VN:VU#736923 Reference: URL:http://www.kb.cert.org/vuls/id/736923 Reference: CERT:CA-2002-08 Reference: URL:http://www.cert.org/advisories/CA-2002-08.html Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf Reference: BID:4289 Reference: URL:http://www.securityfocus.com/bid/4289 The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. Analysis ---------------- ED_PRI CAN-2001-1371 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1372 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1372 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20010917 Yet another path disclosure vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100074087824021&w=2 Reference: BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119633925473&w=2 Reference: CERT:CA-2002-08 Reference: URL:http://www.cert.org/advisories/CA-2002-08.html Reference: CERT-VN:VU#278971 Reference: URL:http://www.kb.cert.org/vuls/id/278971 Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf Reference: BID:3341 Reference: URL:http://www.securityfocus.com/bid/3341 Reference: XF:oracle-jsp-reveal-path(7135) Reference: URL:http://xforce.iss.net/static/7135.php Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. Analysis ---------------- ED_PRI CAN-2001-1372 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1373 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1373 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20010718 ZoneAlarm Pro Reference: URL:http://www.securityfocus.com/archive/1/197681 Reference: CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362 Reference: XF:zonealarm-bypass-mailsafe(6877) Reference: URL:http://xforce.iss.net/static/6877.php Reference: BID:3055 Reference: URL:http://www.securityfocus.com/bid/3055 MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments. Analysis ---------------- ED_PRI CAN-2001-1373 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the product's release history includes a heading titled "New and improved features in ZoneAlarm Pro version 2.6.231," which states: "MailSafe improvements to better handle attachments of long file names" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1374 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1374 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187 Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224 Reference: CONECTIVA:CLA-2001:409 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409 Reference: XF:expect-insecure-library-search(6870) Reference: URL:http://xforce.iss.net/static/6870.php Reference: BID:3074 Reference: URL:http://www.securityfocus.com/bid/3074 expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. Analysis ---------------- ED_PRI CAN-2001-1374 1 Vendor Acknowledgement: yes changelog Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1375 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1375 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226 Reference: CONECTIVA:CLA-2001:409 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409 Reference: XF:tcltk-insecure-library-search(6869) Reference: URL:http://www.iss.net/security_center/static/6869.php Reference: BID:3073 Reference: URL:http://www.securityfocus.com/bid/3073 tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. Analysis ---------------- ED_PRI CAN-2001-1375 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1354 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1354 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows Reference: URL:http://online.securityfocus.com/archive/1/198293 Reference: XF:netwin-nwauth-weak-encryption(6866) Reference: URL:http://xforce.iss.net/static/6866.php Reference: BID:3075 Reference: URL:http://www.securityfocus.com/bid/3075 NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. Analysis ---------------- ED_PRI CAN-2001-1354 3 Vendor Acknowledgement: unknown Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1355 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1355 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows Reference: URL:http://online.securityfocus.com/archive/1/198293 Reference: BID:3077 Reference: URL:http://www.securityfocus.com/bid/3077 Reference: XF:netwin-nwauth-bo(6865) Reference: URL:http://xforce.iss.net/static/6865.php Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. Analysis ---------------- ED_PRI CAN-2001-1355 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1356 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1356 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20010804 SurgeFTP admin account bruteforcable Reference: URL:http://online.securityfocus.com/archive/1/201951 Reference: XF:surgeftp-weak-password-encryption(6961) Reference: URL:http://www.iss.net/security_center/static/6961.php Reference: BID:3157 Reference: URL:http://www.securityfocus.com/bid/3157 NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. Analysis ---------------- ED_PRI CAN-2001-1356 3 Vendor Acknowledgement: unknown Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1357 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://www.phpheaven.net/projects/phpMyChat/changes.php3 Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. 
Analysis ---------------- ED_PRI CAN-2001-1357 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE, SF-LOC, SF-EXEC ABSTRACTION/ACCURACY: The vendor's change log merely says that "two security issues [have] been fixed," but provides no additional details. The affected files were inferred from "security fix" comments in a diff report between 0.14.4 and 0.14.5. There is insufficient time to spend on this item by researching the issue more closely, but the addition of a check for an IP address suggests user spoofing. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1358 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1358 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://www.phpheaven.net/projects/phpMyChat/changes.php3 Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter. Analysis ---------------- ED_PRI CAN-2001-1358 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE, SF-LOC, SF-EXEC ABSTRACTION/ACCURACY: The vendor's change log for 0.14.4, dated 20010531, merely says that "some important security fixes have been merged." While that is not enough detail to support this item's description, some diffs between 0.14.4 and 0.14.3 make it clear that at the very least, the localization parameter is affected. However, there may be other issues as well. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1360 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1360 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. Analysis ---------------- ED_PRI CAN-2001-1360 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE ACKNOWLEDGEMENT: The ChangeLog-1.0.5 file, dated 2001-04-22, says "Point to pnm/saned security risks". There isn't any more information, but CD:VAGUE suggests that even vulnerabilities that are vaguely described by the vendor, should be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1361 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1361 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. Analysis ---------------- ED_PRI CAN-2001-1361 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE ACKNOWLEDGEMENT: The changelog for 2.7.1 says [1] "added security rights to search module" and [2] "fixed bug in generating mailto links not properly checking the security." [1] seems like a security enhancement, not a vulnerability, although perhaps it is an enhancement that's designed to overcome a design flaw. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1362 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1362 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: unknown Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: CONFIRM:http://freshmeat.net/releases/51981/ Vulnerability in the server for nPULSE before 0.53p4. 
Analysis ---------------- ED_PRI CAN-2001-1362 3 Vendor Acknowledgement: yes changelog Content Decisions: EX-BETA, VAGUE INCLUSION: CD:VAGUE states that vaguely written security advisories from vendors should still be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1363 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1363 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. Analysis ---------------- ED_PRI CAN-2001-1363 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE ACKNOWLEDGEMENT: The original poster quoted this phrase: "Minor bugfixes, including a fix for a minor security flaw (only effects sites running multiple instances of phpWebSite under a single domain)." That could not be found in the download, but the comments for config.php are fairly clear, starting on line 118: "You need to change this [security hash] to a random string, it can be any length but longer is better. This fixes the security problem that occurs when multiple instances of phpWebSite are installed under a single domain. 
If you only have a single instance of phpWebSite per domain, you need not worry about this fix - although setting the security hash to a random string won't hurt :-)" There is a comparison "if ($admintest == $security_hash)" in various files, and admin.php contains the comment "The seesion variable admintest is used to make sure an administrator has logged in. If NOT then it calls the login() function at the bottom of this switch statement." Version 0.7.8 does not have the $security_hash variable. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1364 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1364 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: CONFIRM:ftp://ftp.earth.li/pub/projectpurple/autodns-0.0.4.tar.gz Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified. Analysis ---------------- ED_PRI CAN-2001-1364 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE, EX-BETA ACKNOWLEDGEMENT: the original discloser quotes a statement from the vendor, "Minor security fixes in terms of checking of domain names, and locking of file access." A diff between autodns-0.0.3 and autodns-0.0.4 does not make it clear what the nature of an exploit might be, though it may be related to zone entries that do not have at least one valid "." in them. The valid_domain() function, new in 0.0.4, clearly checks that domain names end in .org, .com, etc. 
(some sort of .ZONE), whereas the check in 0.0.3 did not go to this level, although it did at least verify that the domain contained only alphanumeric characters, periods, and hyphens. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1365 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1365 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: unknown Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: CONFIRM:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0011.html Vulnerability in IntraGnat before 1.4. Analysis ---------------- ED_PRI CAN-2001-1365 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE ACKNOWLEDGEMENT: the vendor web site is down, and apparently the product has been discontinued. However, a change notice to Freshmeat for version 1.4 says "A security update was added." This implies that *some* vulnerability was fixed. By CD:VAGUE, even this vague notification is good enough to be included in CVE, since it comes from the vendor. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1366 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1366 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: CONFIRM:http://netscript.sourceforge.net/netscript-1.6.2.tgz netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information. Analysis ---------------- ED_PRI CAN-2001-1366 3 Vendor Acknowledgement: yes changelog Content Decisions: VAGUE ACKNOWLEDGEMENT: The ChangeLog in version 1.6.3 says: "Changed support of parsing remote data, to not parse dynamic variables. this will remove some funcationality. but, it is much more of a security risk to disclose, or use dynamic variables via remote input." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1368 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1368 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: HP:HPSBUX0106-152 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0059.html Reference: XF:hp-virtualvault-iws-corrupt-data(6697) Reference: URL:http://xforce.iss.net/static/6697.php Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data. 
Analysis ---------------- ED_PRI CAN-2001-1368 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE ABSTRACTION/INCLUSION: HP:HPSBUX0106-152 may already address CAN-2001-0431, CAN-2001-0746, or CAN-2001-0747, but the advisory is so vague that it cannot be certain. The advisory only refers to "a" vulnerability and not multiple vulnerabilities, so it clearly only addresses one of the pre-existing CANs, at most. It is safest to create a separate item. This is a good poster child for CD:VAGUE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1376 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1376 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20011113 More problems with RADIUS (protocol and implementations) Reference: URL:http://online.securityfocus.com/archive/1/239784 Reference: BUGTRAQ:20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101537153021792&w=2 Reference: CERT:CA-2002-06 Reference: URL:http://www.cert.org/advisories/CA-2002-06.html Reference: CERT-VN:VU#589523 Reference: URL:http://www.kb.cert.org/vuls/id/589523 Reference: SUSE:SuSE-SA:2002:013 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html Reference: CONECTIVA:CLA-2002:466 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 Reference: REDHAT:RHSA-2002:030 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-030.html Reference: BID:3530 Reference: URL:http://www.securityfocus.com/bid/3530 Reference: XF:radius-message-digest-bo(7534) Buffer 
overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data. Analysis ---------------- ED_PRI CAN-2001-1376 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE ABSTRACTION: There are many RADIUS implementations with a common codebase. While CD:SF-CODEBASE suggests that we SPLIT items for each codebase, the history is complicated, and all (or most) implementations are derived from the same one or two original codebases. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1377 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1377 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101537153021792&w=2 Reference: CERT-VN:VU#936683 Reference: URL:http://www.kb.cert.org/vuls/id/936683 Reference: CERT:CA-2002-06 Reference: URL:http://www.cert.org/advisories/CA-2002-06.html Reference: FREEBSD:FreeBSD-SN-02:02 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc Reference: REDHAT:RHSA-2002:030 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-030.html Reference: SUSE:SuSE-SA:2002:013 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html Reference: CONECTIVA:CLA-2002:466 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 Reference: XF:radius-vendor-attribute-dos(8354) Reference: 
URL:http://www.iss.net/security_center/static/8354.php Reference: BID:4230 Reference: URL:http://www.securityfocus.com/bid/4230 Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. Analysis ---------------- ED_PRI CAN-2001-1377 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE ABSTRACTION: There are many RADIUS implementations with a common codebase. While CD:SF-CODEBASE suggests that we SPLIT items for each codebase, the history is complicated, and all (or most) implementations are derived from the same one or two original codebases. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: